
qcacld-3.0: Add max len check for bcn frame while adding to scan db

Currently, when an ML probe response is received for an ML link,
probe responses are generated for all other links within the driver
and added to scan db. MAX_MGMT_MPDU_LEN(2304) bytes of memory is
allocated for these just before deriving new frames.
Though the max frame-size never exceeds this, some static analyzer
tools complain on the max length check as there could be
buffer overflow.
Add a check while adding the entry to scan db to avoid
possibility of buffer overflow.

Change-Id: Ie55b40b9b73f12f20483f331fa2c25cca94f9b6f
CRs-Fixed: 3547419
Srinivas Dasari 1 year ago
Parent
Current commit
601313356b
1 file changed, with 2 insertions and 1 deletion

+ 2 - 1
core/mac/src/pe/lim/lim_api.c

@@ -3758,7 +3758,8 @@ lim_add_bcn_probe(struct wlan_objmgr_vdev *vdev, uint8_t *bcn_probe,
 	QDF_STATUS status = QDF_STATUS_SUCCESS;
 
 	vdev_id = wlan_vdev_get_id(vdev);
-	if (!bcn_probe || !len || (len < sizeof(*hdr))) {
+	if (!bcn_probe || !len || (len < sizeof(*hdr)) ||
+	    len > MAX_MGMT_MPDU_LEN) {
 		pe_err("bcn_probe is null or invalid len %d",
 		       len);
 		return QDF_STATUS_E_FAILURE;
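
Review bot: the new `len > MAX_MGMT_MPDU_LEN` term in the `if` shares `pe_err("bcn_probe is null or invalid len %d", len)` with the null and too-short cases, so the log does not show which bound rejected the frame. Consider printing the limit alongside `len`, or giving the upper-bound check its own branch and message. Separately, `!len` is already implied by `len < sizeof(*hdr)` and could be dropped while this condition is being edited. The parameter list is cut off in the hunk header, so the type of `len` is not visible here; if it is unsigned, `%d` should be `%u`.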